Tovuti supports several single sign-on providers. This article outlines the steps to set up Okta and covers the following concepts:
- Create SSO Record in Tovuti
- Configuring Okta as Identity Provider
- Finish Configuring Tovuti as Service Provider (SP)
- User Profile Field and Attribute Mapping
- User Group Mapping
- Enable Login Link
Create SSO Record in Tovuti
Go to Configuration > click Single Sign-On > click New
Details tab
In the Details tab, provide a Title. It is suggested that the title contains a reference to Okta for easy selection in the future.
Select OKTA in “SAML Application.”
Make sure Published is toggled to Yes.
Service Provider Settings tab
Go to the Service Provider Settings tab. A unique EntityID/Issuer is created for this domain.
Configuring Okta as Identity Provider
In a separate tab, log in to Okta Admin Console > click on Applications
Click on Add Application > click Create New Application
Select Web and SAML 2.0 and click Create.
In General Settings, enter App Name, upload an optional logo, and check both boxes for App Visibility. Click Next.
In SAML Settings, enter the following information, found in the Service Provider Settings tab in Tovuti.
- Single Sign-on URL (Okta Setting) > SP-Entity / Issuer (found in Tovuti)
- Audience URI (SP Entity ID) (Okta Setting) > ACS (AssertionConsumerService) URL / Single Sign-On URL (found in Tovuti)
- Default RelayState (Okta Setting) > Your URL
- Name ID Format (Okta Setting) > Set to Email Address
Configure Attribute Statements and, optionally, Group Attribute Statements.
To include all Groups in the SAML Assertion, use “Matches regex” in the filter option.
In the “Help Okta Support understand…” block, select “I’m an Okta customer adding an internal app” and “This is an internal app that we have created.”
Click Finish.
For more information directly from Okta on this process, see the following documentation.
Additionally, view documentation for adding groups to apps and configuring the identity provider.
Finish Configuring Tovuti as Service Provider (SP)
The Okta setup instructions list the Identity Provider Issuer, the Identity Provider Single Sign-On URL, and the X.509 Certificate.
Copy this information and paste it into the Identity Provider Settings tab.
Click Update > click Test Configuration. This shows which attributes and values Okta sends in its SAML assertion, which is what the field and group mapping steps below rely on.
User Profile Field and Attribute Mapping
After configuring all the settings in Okta > click the User Profile Field Mapping tab in Tovuti
Enable the desired settings and provide the attributes found in Okta. Create profile fields by clicking the "+" icon.
Configuring the settings in this tab syncs profile field and attribute information between Tovuti and Okta. The details of the User Profile Field Mapping tab are covered in this Help Center article.
When users are auto-registered on the Tovuti site, these attributes are automatically mapped to the Tovuti user details.
User Group Mapping
Click the User Group Mapping tab.
Enable the desired settings and provide the attributes found in Okta. Create group mappings by clicking the "+" icon.
Configuring the settings in this tab will sync group information between Tovuti and Okta. The details of the User Group Mapping tab are covered in this Help Center article.
When users are auto-registered, they are assigned roles based on the group they are mapped to.
At any time, the configuration can be tested in the Identity Provider Settings tab.
It is recommended to run multiple tests over time to ensure everything is working properly.
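The following is an added example, not Tovuti's or Okta's code: it parses a constructed SAML assertion of the kind Test Configuration displays, checks that the audience matches the SP Entity ID and that the NameID is an email address, and then applies the kind of field and group mappings described in the User Profile Field Mapping and User Group Mapping sections. The attribute names (firstName, lastName, groups), the SP Entity ID and the group-to-role table are assumed placeholder values.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample assertion with placeholder values (not a real Okta response; signature omitted).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Issuer>http://www.okta.com/placeholder-issuer</saml:Issuer>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://lms.example.com/sp-entity</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Everyone</saml:AttributeValue>
      <saml:AttributeValue>LMS-Learners</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse_assertion(xml_text):
    """Extract what Test Configuration shows: NameID, audience and attribute values."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        # Group attributes are multi-valued, so every attribute is kept as a list.
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "name_id": name_id.text,
        "name_id_format": name_id.get("Format"),
        "audiences": [a.text for a in root.findall(".//saml:Audience", NS)],
        "attributes": attrs,
    }

def map_user(xml_text, sp_entity_id, field_map, group_map):
    """field_map: {profile_field: okta_attribute}; group_map: {okta_group: role}. Unmapped groups are ignored."""
    parsed = parse_assertion(xml_text)
    # The audience must equal the SP Entity ID shown in the Service Provider Settings tab;
    # an assertion issued for a different audience must not log anyone in.
    if sp_entity_id not in parsed["audiences"]:
        raise ValueError("audience %r does not match SP Entity ID" % parsed["audiences"])
    if parsed["name_id_format"] != EMAIL_FORMAT:
        raise ValueError("NameID format must be Email Address")
    attrs = parsed["attributes"]
    profile = {field: attrs.get(okta_name, [None])[0] for field, okta_name in field_map.items()}
    roles = sorted({group_map[g] for g in attrs.get("groups", []) if g in group_map})
    return {"email": parsed["name_id"], "profile": profile, "roles": roles}
```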
Enable Login Link
Go to the Details tab > toggle Add Login Link to Navigation to Yes > select the menu where this link appears and give the link a name.
Click Save.